Fluid Attacks Database

Description

Denial of Service in mqtt-packet Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application.

Recommendation

Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	mqtt-packet	>=0 <3.4.6 \|\| >=4.0.0 <4.0.5	3.4.6, 4.0.5

Aliases

1. CVE-2016-105232. NVD-2016-105233. OSV-2016-105234. GHSA-g3r2-65gc-qpqc5. GCVE-2016-10523

References

1. https://github.com/mcollina/mosca/issues/3932. https://github.com/mqttjs/mqtt-packet/pull/83. https://www.npmjs.com/advisories/75

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.